Results 1 
6 of
6
The Security of Cipher Block Chaining
, 1994
"... The Cipher Block Chaining  Message Authentication Code (CBC MAC) specifies that a message x = x 1 \Delta \Delta \Delta xm be authenticated among parties who share a secret key a by tagging x with a prefix of f (m) a (x) def = f a (f a (\Delta \Delta \Delta f a (f a (x 1 )\Phix 2 )\Phi \Delta ..."
Abstract

Cited by 175 (29 self)
 Add to MetaCart
The Cipher Block Chaining  Message Authentication Code (CBC MAC) specifies that a message x = x 1 \Delta \Delta \Delta xm be authenticated among parties who share a secret key a by tagging x with a prefix of f (m) a (x) def = f a (f a (\Delta \Delta \Delta f a (f a (x 1 )\Phix 2 )\Phi \Delta \Delta \Delta \Phix m\Gamma1 )\Phix m ) ; where f is some underlying block cipher (eg. f = DES). This method is a pervasively used international and U.S. standard. We provide its first formal justification, showing the following general lemma: that cipher block chaining a pseudorandom function gives a pseudorandom function. Underlying our results is a technical lemma of independent interest, bounding the success probability of a computationally unbounded adversary in distinguishing between a random mlbit to lbit function and the CBC MAC of a random lbit to lbit function. Advanced Networking Laboratory, IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, NY 10598, USA. em...
Cryptanalysis of the CFB mode of the DES with a reduced number of rounds
 In Advances in Cryptology, Proceedings of CRYPTO 93
, 1993
"... . Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack. These attacks are based on the same principles as the corresponding attacks on the ECB mode. They are compared to ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
(Show Context)
. Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack. These attacks are based on the same principles as the corresponding attacks on the ECB mode. They are compared to the three basic attacks on the CFB mode, namely an exhaustive key search, a comparison attack, and a tabulation attack. In 8bit CFB and with 8 rounds in stead of 16, a differential attack with 2 39:4 chosen ciphertexts can find 3 key bits, and a linear attack with 2 31 known plaintexts can find 7 key bits. This suggests that it is not safe to reduce the number of rounds in order to improve the performance. Moreover, it is shown that the final permutation has some cryptographic significance in the CFB mode. 1 Introduction The Data Encryption Standard (DES) was developed in the seventies at IBM (together with NSA) and was published by the National Bureau of Standards in 1977 [9]. Its int...
1 Hash functions and MAC algorithms based on block ciphers
"... Abstract. This paper reviews constructions of hash functions and MAC algorithms based on block ciphers. It discusses the main requirements for these cryptographic primitives, motivates these constructions, and presents the state of the art of both attacks and security proofs. 1 ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. This paper reviews constructions of hash functions and MAC algorithms based on block ciphers. It discusses the main requirements for these cryptographic primitives, motivates these constructions, and presents the state of the art of both attacks and security proofs. 1
1Cryptanalysis of Message Authentication Codes¤
, 2004
"... This paper gives a survey of attacks on Message Authentication Codes (MACs). First it de¯nes the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The M ..."
Abstract
 Add to MetaCart
(Show Context)
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it de¯nes the required security properties. Next it describes generic forgery and key recovery attacks on MACs. Subsequently an overview is presented of most MAC constructions and on attacks on these algorithms. The MACs described include CBCMAC and its variants, the MAC algorithms derived from cryptographic hash functions, and the ISO banking standard Message Authenticator Algorithm, also known as MAA. 1